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1.Which of these must be true in order for a vendor risk issue to be visible in the Vendor Portal? 
A. There must be at least one secondary contact for the vendor 

B. The primary vendor contact must have the sn_vdr_issues role 

C. Issues are always visible in the vendor portal 

D. The Visible in vendor portal field must have a value of true 

Answer: D 


2.What are the features of Vendor Risk Issues? (Choose two.) 

A. Generate audit tasks for the vendor risk team 

B. Can only be seen by the customer’s vendor risk team 

C. Provide vendor direct access to update and respond to Issues 

D. Can be generated on-demand or automatically due to an incorrect answer 
Answer: C,D 


3.During the Generating Observations phase of the Vendor Risk Assessment, what action might be taken 
by the Risk Assessor? 

A. Create issues from the assessment if necessary 

B. Update the vendor risk score 

C. Email the vendor 

D. Answer questions the vendor forgot to answer 

Answer: A 


4.Vendor Risk Tasks are saved to which one of the following tables? 
A. [task] 

B. [planned_task] 

C. [sn_vendor_risk_task] 

D. [sn_vdr_risk_asmt_task] 

Answer: C 


5.How are Vendor Risk questionnaires and document requests displayed on the Vendor Portal? 
A. As separate requests and can be assigned to different vendor contacts 

B. As separate requests and can only be assigned to the same vendor contact 

C. As a single assessment assigned to a single vendor contact 

D. As a single assessment assigned to a single engagement contact 

Answer: C 


6.Which of these options can be used in data cleansing when importing vendor data? (Choose three.) 
A. Data Policies 

B. Access Control Lists 

C. Field Normalization Rules 

D. Fix Scripts 

E. Data Import or Data Source Transform 

F. UI Policies 

Answer: C,D,E 
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7.What is the definition of ‘Risk Management’? 

A. Policies/Standards/Procedures established to ensure an organization is aligned with corporate strategy 
and expectations are clearly defined 

B. The process of conforming to standards, policies, and remediation of audit findings 

C. The elimination of vulnerable surface area in an enterprise environment 

D. Process to identify, assess, and respond to risks, threats and vulnerabilities that could compromise the 
business 

Answer: D 

Explanation: 

Reference: 
https://www.techtarget.com/searchsecurity/definition/What-is-risk-management-and-why-is-it-important 


8.The Vendor records are stored in which table? 
A. Company [core_company] 

B. Department [cmn_department] 

C. Task [task] 

D. User [sys_user] 

Answer: A 


9.Which statements most accurately describe assignments to vendor contacts? (Choose two.) 
A. Individual sections in the questionnaire or document request can be assigned 

B. A questionnaire or document request cannot be assigned to multiple vendor contacts 

C. A questionnaire can be read by vendor contacts that are not assigned 

D. A questionnaire can only be completed by assigned vendor contacts 

Answer: A,D 


10.What third-party vendor security evaluation solutions are commonly integrated with VRM 
out-of-the-box? (Choose two.) 

A. MyScoreMetrics 

B. Vendor Insights 

C. Bitsight 

D. Security Scorecard 

Answer: C,D 


11.For each questionnaire template/assessment metric type, how many vendor risk areas can be 
designated? 

A. One 

B. As many as desired 

C. None 

D. Two 

Answer: B 


